Managing your Red Hat Enterprise Linux Guests With - Linux/VM

© 2008 IBM Corporation

Managing your Red Hat Enterprise Linux Guests With RHN Satellite

Speaker Names: Shawn Wells

Session ID: 9204

IBM Training


Agenda

What is Red Hat Network?

– What are the modules?

– What are the deployment architectures?

– How's it run on System z?

Live Demo

IBM Training


3

Red Hat Network

Red Hat's modular, Web-based Linux management platform

● Highly scalable solution

● Integrates with existing platforms

Modular approach● Updates – Management – Provisioning – Monitoring

IBM Training


4

What Is Red Hat Network?

A systems management platform designed to provide complete lifecycle management of the operating system and applications.

A single solution for lifecycle management of compute resources

– Installing and provisioning new system

– Updating systems

– Managing configuration files

– Monitoring performance

– Redeploying for a new purpose

IBM Training


5

Benefits of Red Hat Network

Lower system administration costs

Improve security

Increase productivity

● 4-10X system admin productivity, easily allowing 150+ systems/system admin● Flexible architecture allows use of GUI, API, or CLI (scripted) interface● All tasks automated - allowing you to move beyond “guru bottleneck”

● Content stream comes directly & immediately from Red Hat● Complete audit trail and various predefined reports● Policies and permissions provide centrally managed role-based administration

● Management tools let you maximize your hardware investment● Complete installation takes only minutes (Hosted) to 1-2 days (Satellite)

IBM Training


Example Usage Many enterprises want to use hardware more efficiently

Re-deploy systems quickly

Detect when demand increases

● Red Hat Network stores profiles that can include packages, custom applications, configuration files, and more

● Use the profiles to change under-utilized systems to the type of system needed to meet current business needs

● In 20-30 minutes, you can have hundreds of systems re-deployed

● Red Hat Network can alert you when systems or applications reach defined levels of performance

● Allows you to take action before customers notice performance degradation

● Demand for externally-facing services often shifts. In order to adapt to changing demand conditions, administrators need flexible systems

● It can take hours to manually re-deploy a single system

IBM Training


Red Hat Network Components

Architectures

● Hosted

● Satellite

Service Modules

● Update

● Management

● Provisioning

● Monitoring

IBM Training


Update Module

Easily obtain

security updates, patches, and new

OS versions

Remove undesired packages through

the simple RHN web interface

Automatically update systems with the latest security fixes

IBM Training


Management Module

Easily obtain

security updates, patches, and

new OS versions

Remove undesired packages

Schedule updates to occur during

maintenance windows

Assign permissions to administrators

for managing different groups or

roles

Manage groups of systems as easily as a single system

Easily obtain

security updates, patches, and

new OS versions

Remove undesired packages

Schedule updates to occur during

maintenance windows

Assign permissions to administrators

for managing different groups or

roles

Manage groups of systems as easily as a single system

IBM Training


Provisioning Module

Improve consistency by using RHN to

manage and deploy configuration files

Undo problematic changes with

snapshots and rollback

Provision existing or bare metal

systems usingpredetermined

profiles or system cloning

IBM Training


Monitoring Module

Dozens of low-impact probes can

be set for each system

Group probes into suites for fast deployment

Receive email or pager notices when a probe reaches a

predefined warning or critical threshold

IBM Training


What Can Be Monitored?

Linux: CPU Usage, Disk I/O Throughput, Disk Usage, Interface Traffic, Load, Memory Usage, Process Health, ...

Network: FTP, HTTP, HTTPS, IMAP, Ping, POP, RPCService, SSH, SMTP, ...

Log Agent: Log Size, Pattern Matching, ...

System Probes

Application Probes

● Oracle 8i/9i: Availability, Client Connectivity, Disk Sort Ratio, Index Extents, Locks, Sessions, Tablespace Usage, TNS Ping, ...

● BEA Weblogic: Heap Free, JDBC Connection Pool, Server State, ...● Apache: Processes, Traffic, Uptime● MySQL: Database Accessibility, Opened Tables, Query Rate, Threads Running

You can also create your own probes using tools provided through Red Hat Network.

IBM Training


Hosted Deployment Model

RHN Hosted● System Management

● Software Distribution

● Account Management

● Subscription Management

MANAGED SYSTEMS

RHN Proxy

WEB INTERFACE

Customer Systems

Quick setup is designed to enable management for small deployments

All system information, profiles, and packages are stored in Red Hat's servers

Each managed system connects across the Internet for all managed actions

RHN Proxy can be added to lower bandwidth use by caching packages locally

IBM Training


Satellite Deployment Module

Local database stores all packages, profiles, and system information

Syncs content from RHN Hosted, can run disconnected from the internet

Custom content distribution

MANAGED SYSTEMS

RHN Proxy

WEB INTERFACERHN Satellite• Software Distribution

• Channel Management

• Monitoring

• Provisioning

IT Applications

API LAYER

Custom Content

RHN Hosted● Software Distribution

● Subscription Management

IBM Training


Example – Single Satellite

IBM Training


Example – Multi Tiered Satellite

IBM Training


Example – Proxy Vertically Tiered Satellite

IBM Training


Example – System z

IBM Training


19

How It Works Database

Your existing database (standalone) or bundled (embedded Oracle 9i R2)

RHN Satellite Server

– Entry point for Red Hat Update Agent running on clients

– Apache HTTP server serving XML-RPC requests)

RHN Satellite Web Interface

– Advanced system, system group, user, and channel management interface

RPM Repository

– Package repository for Red Hat RPM packages as well as middleware/custom RPM packages.

IBM Training


20

How It Works Management Tools

– Database and file system syncrhonization tools

– RPM importing tools

– Channel maintenance tools (Web based)

– Errata management tools (Web based)

– User management tools (Web based)

– Client system and system grouping tools (Web based)

– Red Hat Update Agent on the client systems

IBM Training


21

Installation Requirements Software

– RHEL 4 (31-bit or 64-bit)

– @Base install

Hardware

– 1 to 2 (virtual) IFLs

– 2 to 4 GB storage (memory)

– 1 GB swap (combination VDISK, disk)

– 1 x mod3 for OS install

– Estimated 12 GB disk space for embedded database

– 6 GB per channel (disk)

IBM Training


22

Infrastructure Requirements Network Ports

– (80, 443) outbound, unless running in disconnected mode

– (80, 443) inbound, for WebUI and client requests

– (4545) outbound, if monitoring is configured and probes are active on clients

– (5222) inbound, to push actions to client systems

– (5269) inbound, to push actions to RHN Proxy Server

Other Requirements

– Red Hat Network account

– Entitlement Certificate

IBM Training


23

Example RHN Certificate (XML)<rhn-cert version="0.1">

<rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field><rhn-cert-field name="owner">Clay's Precious Satellite</rhn-cert-field><rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field><rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field><rhn-cert-field name="slots">30</rhn-cert-field><rhn-cert-field name="provisioning-slots">30</rhn-cert-field><rhn-cert-field name="nonlinux-slots">30</rhn-cert-field><rhn-cert-field name="channel-families" quantity="10" family="rhel-cluster"/><rhn-cert-field name="channel-families" quantity="30" family="rhel-ws-extras"/><rhn-cert-field name="channel-families" quantity="10" family="rhel-es-extras"/><rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/><rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/><rhn-cert-field name="satellite-version">3.6</rhn-cert-field><rhn-cert-field name="generation">2</rhn-cert-field><rhn-cert-signature>

-----BEGIN PGP SIGNATURE-----Version: Crypt::OpenPGP 1.03

iQBGBAARAwAGBQJCAG7yAAoJEJ5yna8GlHkysOkAn07qmlUrkGKs7/5yb8H/nboGmhHkAJ9wdmqOeKfcBa3IUDL5 oNMEBP/dg===0Kv7

-----END PGP SIGNATURE-----</rhn-cert-signature>

</rhn-cert>

IBM Training


24

Installing RHN Satellite mount -o loop iso_filename /media/

cd /media; ./install.pl

– ./install.pl --help

– ./install.pl --disconnected

Installer steps

– Create database

– Import Satellite certificate

– Register/Activate Satellite

– Generate CA certificate for SSL traffic

IBM Training


25

Importing Packages (satellite-sync) Synchronize metadata/packages with RHN

– Satellite connected to RHN

Internal steps

– channel-families – Import/sync channel family (architecture) data

– channels – Import/sync channel data

– rpms – Import/sync RPMs

– packages – Import/sync full package data for RPMs retrieved successfully

– errata – Import/sync Errata information

IBM Training


26

Importing Packages (disconnected) Synchronize metadata/packages from Channel Content ISO

– Released shortly after each RHEL update on RHN, then in regular increments

Use channel data from another Satellite

– rhn-satellite-exporter exports channel families, architectures, channel metadata, blacklists, RPMs, RPM metadata, errata, and kickstarts

– rhn-satellite-exporter --dir=/var/sat-backup/

– scp -r storage.example.com:/var/sat-backup/* /var/rhn-sat-import

– satellite-sync --list-channels --mount-point /var/rhn-sat-import

– satellite-sync -c rhel-s390x-as-4 --mount-point /var/rhn-sat-import

– Can specify multiple channels in one command. Estimate ~2 hours per channel.

IBM Training


27

Further Information● Problem

● Where can I find further information on RHN Satellite?

● Solution

● Red Hat Knowledgebase● http://kbase.redhat.com/faq/

● RHN Documentation● https://rhn.redhat.com/help/

● RHN Satellite Users mailing list● https://www.redhat.com/mailman/listinfo/rhn-satellite-users

● RHN Satellite comes with 24/7 support● https://www.redhat.com/apps/support/

IBM Training


28

Contacting Red Hat Support● Problem

● My Satellite is not working, what should I do?

● Solution

● 1) Gather data, include● RHN Satellite Debug

● System Report

● RHN Proxy Debug (if needed)

– 2) Contact Red Hat Support with data

/usr/bin/satellite-debug

/usr/sbin/sysreport

/usr/bin/rhn-proxy-debug

IBM Training


29

QUESTIONS?


APPENDIX

System z Expo

October 13 – 17, 2008 – Las Vegas, Nevada

IBM Training


31

Tech Data● RHN Satellite Components

● Apache

● Java & RHN Push

● Monitoring

● Database & Taskomatic

● Misc data

IBM Training


32

RHN Satellite Components● Web Server – Apache

● Satellite Web UI

● /XMLRPC

● /API

● Java – Tomcat (new)

● RHN Push – Jabber

● osa-dispatcher (server side)

● osad (client side)

● Monitoring Technology (new)

● Monitoring Backend

● Monitoring Scout

● Database Server – Oracle 9i

IBM Training


33

RHN Satellite: Apache Apache processes within

RHN Satellite handle multiple types of requests

– Satellite Web UI with perl and java components

– /XMLRPC, /API & /APPLET via python

Main configuration files

– /etc/httpd/conf/httpd.conf

– /etc/httpd/conf/rhn/

– /etc/rhn/rhn.conf

Runs with standard httpd daemon on ports 80 and 443

Apache writes to various log files in the follow locations

– /var/log/rhn/

– /var/log/httpd/

Misc files of note

– SSL Certificates used by Apache

– /etc/httpd/conf/ssl.key/server.key

– /etc/httpd/conf/ssl.crt/server.crt

IBM Training


34

RHN Satellite: Java & RHN Push Tomcat is communicated to via

Apache for portions of the Java Web UI within RHN Satellite 4.0

Main configuration file

● /etc/tomcat5/tomcat5.conf

Main log directory

● /var/log/tomcat5/

Tomcat daemon listens to ports

● 8005

● 8009

● 8080

The jabber protocol is used by RHN to push scheduled actions to systems.

● Satellite connects to jabber (osa-dispatcher)

● Clients connect to jabber (osad)

Main configuration files for push technology

● /etc/jabberd/jabberd.cfg

● /etc/rhn/rhn.conf

Main log files are● /var/log/messages

● /var/log/rhn/osa-dispatcher.log

IBM Training


35

RHN Satellite: Monitoring Monitoring Backend

Monitoring Scout

Some of the monitoring configuration files


● /etc/rhn/cluster.ini

● /etc/NOCpulse.ini

● /etc/httpd/conf/rhn/rhn_monitoring.conf

Specific to Scout● /home/nocpulse/etc/SatCluster.ini

Monitoring has one main nanny script which is gogo.pl

Nearly all Monitoring logging is done within

● /home/nocpulse/var/

● /opt/notification/var/

IBM Training


36

RHN Satellite: Database RHN Satellite needs

communication to an Oracle 9i Database Server

● Embedded or External Oracle

Main configuration files for database

● /etc/tnsnames.ora


● /opt/apps/oracle/config/9.2.0/spfilerhnsat.ora

Listener daemon (tnslsnr) runs localhost only on port 1290

Main log files for Oracle● /var/log/rhn/rhn_database.log

● /rhnsat/admin/rhnsat/bdump/alert_rhnsat.log

IBM Training


37

Anything Else To Know? The most important configuration file


Two common general options of interest that can be changed

● traceback_mail – change the default email address alerts go to. Check this email address for traceback emails if something goes wrong

● debug - default is 1, setting to 5 or 6 is enough for troubleshooting

Restart RHN Satellite services using command

● service rhn-satellite restart

● This will run the following service scripts

● jabberd rhn-database osa-dispatcher taskomatic

● tomcat5 httpd Monitoring MonitoringScout

IBM Training

© 2008 IBM Corporation38

TrademarksThe following are trademarks of the International Business Machines Corporation in the United States, other countries, or both.

The following are trademarks or registered trademarks of other companies.

* All other products may be trademarks or registered trademarks of their respective companies.

Notes: Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency, which is now part of the Office of Government Commerce.

For a complete list of IBM Trademarks, see www.ibm.com/legal/copytrade.shtml:

*, AS/400®, e business(logo)®, DBE, ESCO, eServer, FICON, IBM®, IBM (logo)®, iSeries®, MVS, OS/390®, pSeries®, RS/6000®, S/30, VM/ESA®, VSE/ESA, WebSphere®, xSeries®, z/OS®, zSeries®, z/VM®, System i, System i5, System p, System p5, System x, System z, System z9®, BladeCenter®

Not all common law marks used by IBM are listed on this page. Failure of a mark to appear does not mean that IBM does not use the mark nor does it mean that the product is not actively marketed or is not significant within its relevant market.

Those trademarks followed by ® are registered trademarks of IBM in the United States; all others are trademarks or common law marks of IBM in the United States.

Documents

Managing your Red Hat Enterprise Linux Guests With - Linux/VM